WE CLAIM : 

1 A method for distributed network address translation on a network 
telephony system, comprising in combination: 

requesting at a first network phone with a first protocol, at least one 
locally unique port from a first network device, wherein the first network phone 
and the first network device are located on a first network; 

receiving at the first network phone with the first protocol, the at least one 
locally unique port from the first network device; 

replacing at least one default or ephemeral port on the first network phone 
with the at least one locally unique port; and 

creating a combination network address for the first network phone with 
the at least one locally unique port and a common external network address, 
thereby identifying the first network phone for communications with a second 
network device located on a second network. 

2. A computer readable medium having stored therein instructions for 
causing a central processing unit to execute the method of Claim 1 . 

3 . The method of Claim 1 , wherein the first protocol is a Port Allocation 

Protocol (PAP) comprising: 

a PAP request message; 

a PAP response message; 

a PAP invalidate message; and 

at least one PAP combination network address including at least one PAP 
locally unique port and at least one PAP external network address for the first 
network. 

4. The method of Claim 1 , wherein the common external network address is 
an Internet Protocol address and the at least one locally unique port is a Port Allocation 
Protocol port. 
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5. The method of Claim 1, wherein the at least one locally unique port allows 
distributed network address translation to be used on the first network phone. 

6. The method of Claim 1 , wherein the at least one default or ephemeral port 
is selected from the group consisting of a Transmission Control Protocol port and a User 
Datagram Protocol port. 

7. The method of Claim 1, wherein the first network device is selected from 
the group consisting of a router, a port server, and a proxy 



server. 



8. The method of Claim 1, wherein the second network device is selected 
from the group consisting of a second network phone and a proxy 



server. 



9. The method of Claim 1 , wherein the method further comprises: 
registering a specified port to a proxy server on the first network; 
receiving at the proxy server a request from the second network device; 

and 

5 mapping the request from the proxy server to the first network phone. 

10. The method of Claim 9, wherein the first network operates according to 
the SIP signaling protocol, wherein the first network phone is a SIP network phone, 
wherein the proxy server is a SIP proxy server, and wherein the specified port is Port 
5060. 

11. The method of Claim 1 , wherein the method further comprises: 
receiving at a redirect server a request from the second network device; 

and 

sending a redirect message from the redirect server to the second network 
5 device, wherein the redirect message includes the combination network address 

for the first network phone. 
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12. The method of Claim 11, wherein the first network operates according to 
the SIP signaling protocol, wherein the first network phone is a SIP network phone, and 
wherein the redirect server is a SIP redirect server. 

.__ ... _ The method of Claim 1, further comprising: 

sending a request from the first network phone to the first network device 
on the first network, wherein the request is routed from the first network device to 

the second network; 

receiving a response from the first network device at the first network 
phone, wherein the response is routed from the first network device to the first 
network phone using the at least one locally unique port from the combination 
network address. 

14. The method of Claim 1 , wherein the first network is a local area network 
and the second network is selected from the group consisting of a public internet, the 
Internet, an intranet, or a public switched telephone network. 

15. The method of Claim I, wherein the second network device is a second 
network phone, further comprising initiating an encrypted network telephony call 
between the first network phone and the second network phone, using the combination 
network address. 

16. A method for distributed network address translation on a network 
telephony system, comprising in combination: 

requesting at a first network phone with a first protocol, at least one 
locally unique port from a first network device, wherein the first network phone 
and the first network device are located on a first network; 

receiving at the first network phone with the first protocol, the at least one 
locally unique port from the first network device; 

creating a request in a higher level protocol layer in a layered protocol 
stack on the first network phone, for a second network device on a second 
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network, wherein the request includes a common external network address and a 
local port on the first network phone; 

forwarding the request from the higher level protocol layer to a lower level 

protocol layer in the first network phone; 

translating the local port in the request to a locally unique port in the 

lower level protocol layer on the first network phone; 

sending the request from the first network phone to a third network device 

on the first network; and 

forwarding the request from the third network device to the second 

network device. 

17. The method of Claim 1 6, further comprising: 

receiving a response on the third network device on the common external 
network address for the first network phone from the second network device, 
wherein the response includes the common external network address and the 
locally unique port for the first network phone; 

sending the response from the third network device to the first network 

phone; 

translating the locally unique port in the response to the local port for the 
first network phone in the lower level protocol layer on the first network phone; 
and 

forwarding the response to the higher level protocol layer on the first 
network phone. 

18. A computer readable medium having stored therein instructions for 
causing a central processing unit to execute the method of Claim 17. 

19. The method of Claim 1 6, wherein the first protocol is a Port Allocation 
Protocol (PAP) comprising: 

a PAP request message; 
a PAP response message; 



43 



a PAP invalidate message; and 

at least one PAP combination network address including at least one PAP 
locally unique port and at least one PAP external network address for the first 
network. 

20. The method of Claim 16, wherein the third network device is included 
within the first network device. 

21. The method of Claim 16, wherein the first network device is a router on 
the first network. 

22. The method of Claim 1 6, wherein the common external network address is 
an Internet Protocol address and the locally unique port is a Port Allocation Protocol port. 

23 . The method of Claim 1 6, wherein the locally unique port allows 
distributed network address translation to be used on the first network phone. 

24. The method of Claim 16, wherein the local port is selected from the group 
consisting of a Transmission Control Protocol port and a User Datagram Protocol port. 

25. The method of Claim 16, wherein the first network device is selected from 
the group consisting of a router, a port server, a proxy server, and a redirect server. 

26.. The method of Claim 1 6, wherein the second network device is selected 
from the group consisting of a second network phone and a proxy i 



server. 



27. The method of Claim 16, wherein the first network is a local area network 
and the second network is selected from the group consisting of a public internet, the 
Internet, an intranet, or a public switched telephone network. 
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28. The method of Claim 16, wherein the second network device is a second 
network phone, further comprising initiating an encrypted network telephony call 
between the first network phone and the second network phone, using the common 
external network address and the locally unique port. 

29. A method for distributed network address translation in a network 
telephony system, comprising in combination: 

registering a proxy server with a router to register a specified port to the 
proxy server, wherein the proxy server and the router are located on a first 
network having at least one common external network address, and wherein the 
proxy server is operable to access at least one network address corresponding to at 
least one network phone on the first network; 

receiving at the proxy server at least one request from an external network 
phone located on an external network, wherein the request includes the at least 
one common external network address and the specified port; and 

proxying the at least one request to the at least one network phone on the 
first network. 

30. The method of Claim 29, wherein the network telephony system operates 
according to the SIP signaling protocol, wherein the proxy server is a SIP proxy server, 
wherein the router is a DNAT router, wherein one or more of the at least one network 
phone is a SIP network phone, wherein the request is a SIP Invite request, and wherein 
the specified port is a well-known port. 

/ 

3 1 . The method of Claim }f\ wherein the well-known port is Port 5060. 

32. A method for distributed network address translation in a network 
telephony system, comprising in combination: 

obtaining at least one locally unique port respectively for at least one 
network phone on a first network, wherein at least one common external network 
address is associated with the first network; 
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registering the at least one network phone with a registration server; 

receiving at a redirect server at least one request from an external network 
phone located on an external network, wherein the redirect server is registered to 
a specified port, wherein the request includes the at least one common external 
network address and the specified port; and 

sending a redirect message from the redirect server to the external network 

phone. 

33. The method of Claim 32, wherein the network telephony system operates 
according to the SIP signaling protocol, wherein the registration server is a SIP registrar, 
wherein the redirect server is a SIP redirect server, wherein the router is a DNAT router, 
wherein one or more of the at least one network phone is a SIP network phone, wherem 
the request is a SIP Invite request, and wherein the specified port is a well-known port. 



34. 



The method of Claim 33, wherein the well-known port is Port 5060. 



35. A system for distributed network address translation in a network 
telephony system, comprising in combination: 

a first network phone on a first network, with a combination network 
address from a Port Allocation Protocol, wherein the combination network 
5 address allows distributed network address translation and includes a locally 

unique port on the first network and a common external network address for the 
first network, wherein the first network phone is operable to transmit a request, 
and wherein the request includes the combination network address; and 

a second network phone on a second network, operable to receive the 
10 request and to transmit a response to the first network phone, wherein the 

response includes the combination network address. 

36. The system of Claim 35, wherein the first protocol is a Port Allocation 

Protocol (PAP) comprising: 

a PAP request message; 
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a PAP response message; 

a PAP invalidate message; and 

at least one PAP combination network address including at least one PAP 
locally unique port and at least one PAP external network address for the first 
network. 

37. The system of Claim 35, wherein the common external network address is 
an Internet Protocol address and the locally unique port is a Port Allocation Protocol port. 

38. The system of Claim 35, wherein the locally unique port allows distributed 
network address translation to be used on the first network phone. 

39. The system of Claim 35, wherein the local port is selected from the group 
consisting of a Transmission Control Protocol port and a User Datagram Protocol port. 

40. The system of Claim 35, wherein the first network is a local area network 
and the second network is selected from the group consisting of a public internet, the 
Internet, an intranet, or a public switched telephone network. 

41 . The system of Claim 35, wherein the request and the response are used to 
initiate an encrypted network telephony call between the first network phone and the 
second network phone, using the common external network address and the locally 
unique port. 
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